A wave of coordinated cyber threats has triggered urgent warnings from multiple banks, as sophisticated phishing attacks using look-alike websites put thousands of customer accounts at risk of being drained within minutes.
Several banks across Sri Lanka have issued simultaneous warnings to customers following a surge in cyber attacks involving fraudulent websites designed to steal login credentials and gain unauthorized access to bank accounts. The alerts come amid growing concerns over online banking security and phishing scams targeting unsuspecting users.
According to banking sources, hackers have been attempting to redirect customers to fake websites that closely mimic official bank portals. These spoofed platforms often feature domain names that appear almost identical to legitimate banking websites, making it difficult for users to distinguish between real and fraudulent pages.
Cybersecurity insiders revealed that more than a dozen Sri Lankan banks were either targeted or under threat, prompting local cybersecurity experts to respond quickly and counter the attacks after initial incidents were detected. The coordinated nature of the operation suggests a large-scale effort to exploit vulnerabilities in digital banking behavior.
Hatton National Bank warned its customers to remain vigilant against fraudulent websites impersonating its official corporate platform. Customers were advised to access banking services only by directly typing the official web address into their browser or by using verified mobile applications, and to immediately report any suspicious activity.
Standard Chartered Sri Lanka also issued a cautionary message urging clients to avoid clicking on unknown links or sharing sensitive banking details. Customers were reminded to use only official digital channels such as the bank’s website or mobile app when accessing services.
Experts explained that these cyber attacks typically involve phishing emails or messages prompting users to take urgent action, such as resetting passwords. Once a user clicks the link and enters their credentials on a fake website, hackers quickly reuse that information on the real banking platform.
In many cases, customers receive a one-time password (OTP) from the legitimate bank system and unknowingly enter it into the fake site. This allows hackers to capture the OTP and complete the login process, gaining full access to the account.
Once inside, attackers can transfer funds to other accounts almost instantly, sometimes without even changing the original login credentials. This makes detection difficult and increases the speed at which financial losses can occur.
PanAsia Bank urged customers to carefully verify website addresses before entering login details and to use only its official online banking portal. It also warned against installing unknown applications and emphasized that OTPs should never be shared under any circumstances.
DFCC Bank echoed similar concerns, highlighting that scam websites often use slightly altered web addresses to deceive users. Customers were advised to double-check all URLs before proceeding with any online banking activity.
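
The "double-check the URL" advice can also be automated on the defender's side, for example in a mail gateway or a brand-monitoring job. The following is an added example, not code from any of the banks named here: it compares a link's hostname against an allowlist and flags near-matches. The domain `examplebank.lk`, the character-folding table and the distance threshold are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: registered domains the bank actually publishes.
OFFICIAL_DOMAINS = {"examplebank.lk"}
# Character swaps commonly used to imitate a name, folded before comparing.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})
MAX_DISTANCE = 2  # tolerated typos; lower it for short brand names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    for domain in OFFICIAL_DOMAINS:
        # Only the listed domain and its own subdomains count as official.
        if host == domain or host.endswith("." + domain):
            return "official"
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0].translate(FOLD)
        for label in host.split("."):
            folded = label.translate(FOLD)
            # Brand embedded in a longer label, or within a few edits of it.
            if brand in folded or edit_distance(folded, brand) <= MAX_DISTANCE:
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a reported message.
    for sample in ("https://www.examplebank.lk/login",
                   "https://examp1ebank.lk/reset",
                   "examplebank.lk.secure-login.example",
                   "https://weather.example.org"):
        print(f"{classify(sample):10} {sample}")
```

A check like this does not cover internationalized (punycode) hostnames or every visual substitution, so it complements rather than replaces typing the official address or using the verified app.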
Sampath Bank also issued a detailed alert to its users, cautioning them against scam attempts through fake payment links, promotional offers, and fraudulent websites using official branding. Customers were reminded to access digital banking services only through verified channels and never to input login credentials on unfamiliar platforms.
As phishing attacks and online banking fraud continue to rise, authorities and financial institutions are urging the public to adopt stronger cybersecurity awareness and safe browsing practices to protect their accounts from being compromised.
